SECTION I— CLAIMS 



Amendment to the Claims: 

This listing of the claims will replace all prior versions and listings of claims in the 
application. Claims 26-30, 32, 34-38, and 40-43 are amended herein. Claims 1-25 remain 
canceled herein without prejudice. New claim 45 is presented herein. Claims 26-45 remain 
pending in the appUcation. 

Listing of Claims; 

1-25. (Canceled). 

26. (Currently amended) A method in a packet forwarder, comprising: 
receiving a connection request from a n unauthorized computing device at a first port of the 
packet forwarder, the unauthorized computing device requesting access to a network 
communicably interfaced with a second port of the packet forwarder : 
blocking all data packets received at the first port of the packet forwarder from accessing the 
network; 

issuing the unauthorized computing device a first Internet Protocol (IP) address assigned to a 
first Virtual Local Area Network (VLAN) communicably int e rfac e d with operating 
within the packet forwarder and associated with the first port , wherein the first VLAN 
does not provide access to the network communicably interfaced with the packet 
forwarder via the second port, and wherein the packet forwarder blocks the data packets 
in the first VLAN from reaching and is isolat e d from a permanent VLAN that provides 
access to the networ k, the permanent VLAN operating within the network and associated 
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with the second port of the packet forwarder and not the first port of the packet 

forwarder; 

sending the unauthorized computing device an authentication request through the first port of the 
packet forwarder via the first VLAN based on the first IP address, responsive to the 

connection request; 

authorizing the computing device based on satisfactory receiving authentication credentials 

received from the computing device through the first port of the packet forwarder via the 
first VLAN, responsive to the authentication request; 

issuing the authorized computing device a replacement IP address assigned to the permanent 

VLAN for communication with the network and associating the first port of the network 
forwarder with the permanent VLAN; and . responsive to receiving satisfactory 
auth e ntication cr e d e ntials from th e computing d e vic e ; and 

forwarding n e twork the data packets b e tw ee n th e received from the authorized computing device 
at the first port of the packet forwarder to m4 the network via the second port of the 
packet forwarder using ever the permanent VLAN based on the replacement IP address 
assigned to the authorized computing device . 

27. (Currently amended) The method of claim 26, wherein receiving the connection request from 

the unauthorized computing device requesting access to the network comprises: 
intercepting a request from the unauthorized computing device for a web page. 

28. (Currently amended) The method of claim 26, wherein sending the unauthorized computing 

device the authentication request comprises: 
directing the unauthorized computing device to a network login page for authentication, the 
network login page accessible on the first VLAN. 
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29. (Currently amended) The method of claim 28, wherein authorizing the computing device 

based on satisfactory receiving the authentication credentials from the computing device 
via the first VLAN, responsive to the authentication request comprises: 
receiving at least a user name and a password from the unauthorized computing device based on 
information captured by the network login page. 

30. (Currently amended) The method of claim 28, wherein directing the unauthorized computing 

device to the network login page for authentication comprises: 
responding to the unauthorized computing device with a redirect to a Uniform Resource Locator 
(URL) address for the network login page. 

3 1 . (Previously presented) The method of claim 26, further comprising: 
sending the authentication credentials to an authentication server; and 

receiving an indication from the authentication server that the authentication credentials are 
authentic and that a user associated with the authentication credentials is authorized to 
access the network. 

32. (Currently amended) The method of claim 31, wherein sending the authentication credentials 

to the authentication server comprises: 
creating a packet comprising the authentication credentials in accordance with a Remote 

Authentication Dial-In User Service (RADIUS) communications protocol; and 
forwarding the packet to a RADIUS server for authenticatio n, wherein the RADIUS server is 

accessible from the first VLAN . 

33. (Previously presented) The method of claim 26, wherein the packet forwarder comprises a 

switch device located at an edge of the network to provide packet-forwarding services 
into the network. 
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34. (Currently amended) The method of claim 26, further comprising: 

terminating forwarding of the network data packets between the authorized computing device 

and the network based on one or more events including: 
exceeding a pre-determined period of inactivity by the authorized computing device; 
receiving a reset signal is from a network login controller communicably interfaced with the 

packet forwarder; 

receiving a termination command from an adminisfrator account requesting forwarding of the 
network data packets between the authorized computing device and the network be 

terminated; 

determining a network connection between the authorized computing device and the packet 

forwarder is disconnected; and 
determining a user of the authorized computing device has logged off of the computing device. 

35. (Currently amended) A computer-readable medium having instructions stored thereon that, 

when executed by a processor, cause the processor to perform a method comprising: 
receiving a connection request from a n unauthorized computing device at a first port of a packet 

forwarder, the unauthorized computing device requesting access to a network 

communicably interfaced with a second port of the packet forwarder; 
blocking all data packets received at the first port of the packet forwarder from accessing the 

network; 

issuing the unauthorized computing device a first Internet Protocol (IP) address assigned to a 
first Virtual Local Area Network (VLAN) communicably interfaced with operating 

within the packet forwarder and associated with the first port , wherein the first VLAN 
does not provide access to the network communicably interfaced with the packet 
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forwarder via the second port, and wherein the packet forwarder blocks the data packets 
in the first VLAN from reaching and is isolated from a permanent VLAN that provides 
access to the networ k, the permanent VLAN operating within the network and associated 
with the second port of the packet forwarder and not the first port of the packet 

forwarder ; 

sending the unauthorized computing device an authentication request through the first port of the 
packet forwarder via the first VLAN based on the first IP address, responsive to the 
connection request; 

authorizing the computing device based on satisfactory receiving authentication credentials 

received from the computing device through the first port of the packet forwarder via the 

first VLAN, responsive to the authentication request; 
issuing the authorized computing device a replacement IP address assigned to the permanent 

VLAN for communication with the networ k and associating the first port of the network 

forwarder with the permanent VLAN; and , rosponsivo to rocoiving satisfactory 

authentication crodontials from the computing dovico; and 
forwarding network the data packets botwoon tho received from the authorized computing device 

a t the first port of the packet forwarder to a«d the network via the second port of the 

packet forwarder using ewr the permanent VLAN based on the replacement IP address 

assigned to the authorized computing device . 
36. (Currently amended) The computer-readable medium of claim 35, wherein receiving the 

connection request from the unauthorized computing device requesting access to the 

network comprises: 

intercepting a request from the unauthorized computing device for a web page. 
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37. (Currently amended) The computer-readable medium of claim 35, wherein: 

sending the unauthorized computing device the authentication request comprises directing the 
computing device to a network login page for authentication, the network login page 
accessible on the first VLAN; and wherein 

receiving the authentication credentials from the unauthorized computing device via the first 
VLAN, responsive to the authentication request comprises receiving user identification 
data from the unauthorized computing device based on information captured by the 
network login page. 

38. (Currently amended) The computer-readable medium of claim 37, wherein directing the 

unauthorized computing device to the network login page for authentication comprises: 
responding to the unauthorized computing device with a redirect to a Uniform Resource Locator 
(URL) address for the network login page. 

39. (Previously presented) The computer-readable medium of claim 35, fiirther comprising: 
sending the authentication credentials to a Remote Authentication Dial-In User Service 

(RADIUS) compatible authentication server; and 
receiving an indication from the RADIUS compatible authentication server that the 

authentication credentials are authentic and that a user associated with the authentication 
credentials is authorized to access the network. 

40. (Currently amended) A system comprising: 

means for receiving a connection request from an unauthorized computing device at a first port 
of a packet forwarder, the unauthorized computing device requesting access to a network 

communicably interfaced with a second port of the packet forwarder ; 
means for blocking all data packets received at the first port of the packet forwarder from 
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accessing the network; 
means for issuing the unauthorized computing device a first Intemet Protocol (IP) address 

assigned to a first Virtual Local Area Network (VLAN) communicably int e rfac e d with 
operating within the packet forwarder and associated with the first port , wherein the first 
VLAN does not provide access to the network communicably interfaced with the packet 
forwarder via the second port, and wherein the packet forwarder blocks the data packets 
in the first VLAN fi-om reaching and is isolat e d fi-om a permanent VLAN that provides 
access to the networ k, the permanent VLAN operating within the network and associated 
with the second port of the packet forwarder and not the first port of the packet 
forwarder: 

means for sending the unauthorized computing device an authentication request through the first 
port of the packet forwarder via the first VLAN based on the first IP address, responsive 
to the connection request; 

means for authorizing the computing device based on satisfactory rocoiving authentication 
credentials received from the computing device through the first port of the packet 
forwarder via the first VLAN, responsive to the authentication request; 

means for issuing the authorized computing device a replacement IP address assigned to the 

permanent VLAN for communication with the network and associating the first port of 
the network forwarder with the permanent VLAN: and . responsive to receiving 
satisfactory authontioation crodontials fi'om the computing do\ioo; and 

means for forwarding network the data packets between the received fi'om the authorized 
computing device a t the first port of the packet forwarder to and the network via the 
second port of the packet forwarder using evef the permanent VLAN based on the 
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replacement IP address assigned to the authorized computing device . 

41 . (Currently amended) The system computer readable medium of claim 40, wherein receiving 

the connection request from the unauthorized computing device requesting access to the 
network comprises: 

means for intercepting a request from the unauthorized computing device for a web page. 

42. (Currently amended) The system of claim 40, wherein: 

sending the unauthorized computing device the authentication request comprises means for 

directing the unauthorized computing device to a network login page for authentication, 
the network login page accessible on the first VLAN; and wherein 

receiving the authentication credentials from the unauthorized computing device via the first 
VLAN, responsive to the authentication request comprises means for receiving a user 
identification card from the unauthorized computing device based on information 
captured by the network login page. 

43. (Currently amended) The system of claim 42, wherein directing the unauthorized computing 

device to the network login page for authentication comprises: 
means for responding to the unauthorized computing device with a redirect to a Uniform 
Resource Locator (URL) address for the network login page. 

44. (Previously presented) The system of claim 40, further comprising: 

means for sending the authentication credentials to a Remote Authentication Dial-In User 

Service (RADIUS) compatible authentication server; and 
means for receiving an indication from the RADIUS compatible authentication server that the 

authentication credentials are authentic and that a user associated with the authentication 

credentials is authorized to access the network. 
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45. (New) The method of claim 26, wherein the authentication credentials received from the 

unauthorized computing device comprise user-specific credentials which are independent 
of hardware associated with the unauthorized computing device; and wherein 

authorizing the unauthorized computing device based on satisfactory authentication credentials 
received from the unauthorized computing device comprises authorizing a user of the 
unauthorized computing device based on the user-specific credentials. 
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